The ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ report by the Swiss Federal Office of Energy concludes that the electricity industry needs to take action on cybersecurity.
The electricity supply is most likely the most important of all critical infrastructures in a modern, digitalised society. In the Swiss Confederation, the electricity supply network is heavily fragmented – there are around 600 power plants supplying homes and businesses in the network. Unlike other critical infrastructures, the electricity sector must be viewed as a complex overall system from the perspective of cybersecurity. In view of the threat situation, this gives rise to major challenges.
Inside-it.ch columnist Martin Leuthold of the Switch Foundation has analysed the report entitled ‘Cybersecurity and cyber resilience in the Swiss electricity supply’ and gives his thoughts on four proposals made by the Swiss Federal Office of Energy (SFOE).
Who are the key market players in Switzerland?
The report starts by using the term ‘boundary conditions’ to propose that the SFOE define mandatory requirements and/or a risk-based minimum standard for key market players. In terms of the criteria for defining ‘key market players’, reference is made to the practice in neighbouring countries, which makes sense. How these parameters should be defined in Switzerland, however, remains unanswered. Realistically, the focus should initially be on 20 to 30 leading energy firms. We recommend looking for ways in which the many small utility suppliers can also be included in parallel with the industry.
There are more than 2.6 million podcasts available on Spotify. For every possible topic you can find experts, famous people or entertainers talking about it. Among podcasts revolving around politics, sports, psychology, crime or history, there are also some putting the topic of information security in the spotlight.
A lot of security, but no awareness
If you are working in security awareness there is not much in it for you though. Most podcasts on security cover the topic by inviting one phishing simulation provider. But as you know, there is so much more to it!
This is why Marcus Beyer (Security Awareness Officer at Swisscom) and I decided to start our own podcast on security awareness only: Security Awareness Insider (in German).
FluBot is a new Android malware first discovered in December 2020. During the first few months, FluBot was active in Spain, Hungary and Poland. Since then, the development of the malware has advanced quickly and the malware has set foot in almost all European countries.
On the 18th of June 2021, FluBot version 4.6 was spotted, which added a configuration for Switzerland. As of today it is actively being spamvertized through SMS.
FluBot is known by different names. The name “FluBot” is best known because this was the name given in the first public technical write-up. Below are references to the best-known aliases:
January 2021, ThreatFabric was the first to give it the name “Cabassous” in a Twitter post
March 2021, ProDaft published a detailed technical report and gave it the name “FluBot”
April 2021, IBM Trusteer took a deeper look at the different FluBot versions and gave it the name “FakeChat”
FluBot is distributed using smishing (a combination of the words SMS and phishing). The victim receives an SMS with a link to a URL which distributes the APK. The installation is straightforward using sideloading.
The Swiss Federal Council adopted the subordinate legislation to the Telecommunications Act today. Among it is the Ordinance on Internet Domains, which also regulates the ccTLD .ch. SWITCH-CERT welcomes the new ordinance and the smart regulation by the Federal Office of Communications (OFCOM). The Ordinance on Internet Domains will come into force on 1.1.2021 and brings some important changes.
The most obvious is that the personal data of domain holders will no longer be published in the public whois, following other European countries and the GDPR. This is an important change to protect the privacy of domain holders. There will be regulated and monitored access for Swiss authorities and others that require that data for fighting cybercrime or have other legitimate reasons to get access to the identity of a domain holder. You can find more information on the SWITCH website.
Not so obvious, but just as important from the CERT and security perspective, is that the .ch zone file will be published as a whole. While the data about (active) .ch domains itself has always been published in the distributed Domain Name System, the file containing all domain names – the .ch “zone” – was never public. This will change as of January 2021; details on how to access the .ch zone file will be published on the SWITCH open data page soon.
Cyber Security Month with GÉANT – “Become a cyber hero”
GÉANT, the European data network for the research and education community, interconnects national research and education networks (NRENs) like SWITCH across Europe, enabling virtual collaboration and helping to accelerate research, drive innovation and enrich education.
This year, GÉANT is again joining the European Cyber Security Month, an initiative launched by ENISA, EC DG CONNECT and a variety of partners to raise security awareness within the European community. With the tagline «Become a cyber hero», GÉANT publishes practical tips, case studies and articles on social engineering, phishing, password security and ransomware throughout October. The content is provided by experts within the community.
SWITCH-CERT is proud to share with you one of the interesting contributions from the Swiss NREN. Read about Björn Abt, IT Security Officer at the Paul Scherrer Institut (PSI), talking about their approach to security awareness: